[sldev] OpenID & SSL certificates
Matthew Dowd
matthew.dowd at hotmail.co.uk
Mon Oct 1 02:00:01 PDT 2007
You probably need to differentiate what the user sees, and what happens behind the scenes.
I would hope what would happen is something like this:
Logging on when certificate is still valid
What the user sees: The client starts and either prompts them for their OpenID and password or autologs on depending on their setup and they are in...
What happens behind the scenes: the client opens the certificate store, determines the certificate is valid and uses that to authenticate
Logging on when certificate is expired
What the user sees: The client starts and either prompts them for their OpenID and password or autologs on depending on their setup and they are in...
What happens behind the scenes: the client opens the certificate store, determines the certificate has expired, contacts the IDP to renew and uses the renewed certificate to authenticate
Matthew
> Date: Sun, 30 Sep 2007 16:13:00 -0400> From: gigstaggart at gmail.com> To: dzonatas at dzonux.net> Subject: Re: [sldev] OpenID & SSL certificates> CC: sldev at lists.secondlife.com> > Dzonatas wrote:> > One of the users certificate may expire. In this case, the user logs > > into the OpenID system again to lease/create a new certificate. The > > system re-propagates as needed.> > > There is no way in hell users will accept something this complex. On > that Jira issue I posted before, I have users arguing they should have > the right to set their password to their login name or to "password" or > "god".> > Get some perspective here. Users aren't going to deal with certificate > management.> > -Jason> _______________________________________________> Click here to unsubscribe or manage your list subscription:> /index.html
_________________________________________________________________
Get free emoticon packs and customisation from Windows Live.
http://www.pimpmylive.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20071001/c24f6b99/attachment.htm
More information about the SLDev
mailing list